Possible virus/spyware issues-please help!

May 27, 2009 at 20:43:17
Specs: Windows XP

OK, here's the basics of what is happening:

I first noticed an issue when I tried to open Mozilla Firefox. I got a report that it had previously crashed and was given the option to quit or restart it. Either option was unsuccessful; I cannot open Mozilla.

I uninstalled and attempted to re-install Mozilla, which is when I ran into the next set of problems. I cannot get to www.google.com; I get the "page cannot be displayed" message. I went onto the Mozilla site in an attempt to re-install the browser, and every link is a redirect to www.google-analistycs.com/something-something-something-or-other. This also happens on other sites, but not all. I have run my virus scanner, spyware scanner, etc. and cleaned out a few things that came up, but I am still having issues.

Thanks for any and all help with this matter, I appreciate your time!


JD




#1
May 27, 2009 at 21:03:50

Can you post the scan logs from your AV and spyware scanner?


#2
May 28, 2009 at 00:01:27

Also, are your virus scanner and anti-spyware updated?

Want A Weekly Update on Latest System Security Problem http://www.systemsecurityinstitute.org



#3
May 28, 2009 at 04:10:41

OK, I use Spybot, Ad-Aware and AVG. I couldn't locate where a Spybot log would be, if it exists. The Ad-Aware log is included with this post. AVG found nothing. Yes, it is out of date, but I think it is affected by whatever is going on: it won't connect to the update server. I attempted an online scan with Trend Micro HouseCall, but that apparently has issues too. About this time I was out of time and patience and had to go to bed before my head exploded. Thanks again for your time! =)

Jenny D


References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):47 total references
Tracking Cookie(TAC index:3):59 total references
Win32.Backdoor.Small(TAC index:10):2 total references
Win32.Trojan.Agent(TAC index:10):2 total references
Zango(TAC index:4):1 total references
Unknown(TAC index:0):3 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Ignore spanned files when scanning cab archives
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Block pop-ups aggressively
Set : Automatically select problematic objects in results lists
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Show splash screen
Set : Backup current definitions file before updating
Set : Play sound at scan completion if scan locates critical objects


5-27-2009 11:28:27 AM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Jenny Donner\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Jenny Donner\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\mediaplayer\preferences
Description : last search path used in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\office\11.0\common\open find\microsoft office word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\office\11.0\common\open find\microsoft office word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\windows\currentversion\applets\paint\recent file list
Description : list of files recently opened using microsoft paint


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\windows\currentversion\applets\regedit
Description : last key accessed using the microsoft registry editor


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\realnetworks\realplayer\6.0\preferences
Description : list of recent clips in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\realnetworks\realplayer\6.0\preferences
Description : last login time in realplayer


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1012\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-3429031705-3064612751-2598124655-1006\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history

TO BE CONTINUED......



#4
May 28, 2009 at 04:12:08

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 668
ThreadCreationTime : 5-27-2009 10:27:29 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 5-27-2009 10:27:31 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 740
ThreadCreationTime : 5-27-2009 10:27:31 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 788
ThreadCreationTime : 5-27-2009 10:27:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 800
ThreadCreationTime : 5-27-2009 10:27:33 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1028
ThreadCreationTime : 5-27-2009 10:27:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1076
ThreadCreationTime : 5-27-2009 10:27:35 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1208
ThreadCreationTime : 5-27-2009 10:27:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1380
ThreadCreationTime : 5-27-2009 10:27:36 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1456
ThreadCreationTime : 5-27-2009 10:27:37 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [vsmon.exe]
FilePath : C:\WINDOWS\SYSTEM32\ZoneLabs\
ProcessID : 1484
ThreadCreationTime : 5-27-2009 10:27:37 AM
BasePriority : Normal
FileVersion : 7.0.483.000
ProductVersion : 7.0.483.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1632
ThreadCreationTime : 5-27-2009 10:27:49 AM
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1984
ThreadCreationTime : 5-27-2009 10:27:55 AM
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:14 [applemobiledeviceservice.exe]
FilePath : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\
ProcessID : 312
ThreadCreationTime : 5-27-2009 10:28:01 AM
BasePriority : Normal
FileVersion : 2.12.36.0
ProductVersion : 2.12.36.0
ProductName : Apple Mobile Device Service
CompanyName : Apple Inc.
FileDescription : Apple Mobile Device Service
InternalName : AppleMobileDeviceService
LegalCopyright : © 2007-2008 Apple Inc. All Rights Reserved.
OriginalFilename : AppleMobileDeviceService.exe

#:15 [guard.exe]
FilePath : C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\
ProcessID : 328
ThreadCreationTime : 5-27-2009 10:28:01 AM
BasePriority : Normal
FileVersion : 7, 5, 1, 22
ProductVersion : 7, 5, 1, 22
ProductName : AVG Anti-Spyware
CompanyName : GRISOFT s.r.o.
FileDescription : AVG Anti-Spyware guard
InternalName : AVG Anti-Spyware guard
LegalCopyright : Copyright © 2007 GRISOFT s.r.o.
OriginalFilename : guard.exe

#:16 [avgamsvr.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 384
ThreadCreationTime : 5-27-2009 10:28:01 AM
BasePriority : Normal
FileVersion : 7.5.0.496
ProductVersion : 7.5.0.496
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Alert Manager
InternalName : avgamsvr
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgamsvr.EXE

#:17 [avgupsvc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 440
ThreadCreationTime : 5-27-2009 10:28:01 AM
BasePriority : Normal
FileVersion : 7.5.0.420
ProductVersion : 7.5.0.420
ProductName : AVG 7.5 Anti-Virus System
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Update Service
InternalName : avgupsvc
LegalCopyright : Copyright © 2006 GRISOFT, s.r.o.
OriginalFilename : avgupdsvc.EXE

#:18 [avgemc.exe]
FilePath : C:\PROGRA~1\Grisoft\AVG7\
ProcessID : 480
ThreadCreationTime : 5-27-2009 10:28:02 AM
BasePriority : Normal
FileVersion : 7.5.0.510
ProductVersion : 7.5.0.510
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG E-Mail Scanner
InternalName : avgemc
LegalCopyright : Copyright © 2007 GRISOFT, s.r.o.
OriginalFilename : avgemc.exe

#:19 [mdnsresponder.exe]
FilePath : C:\Program Files\Bonjour\
ProcessID : 496
ThreadCreationTime : 5-27-2009 10:28:02 AM
BasePriority : Normal
FileVersion : 1,0,6,2
ProductVersion : 1,0,6,2
ProductName : Bonjour
CompanyName : Apple Inc.
FileDescription : Bonjour Service
InternalName : mDNSResponder.exe
LegalCopyright : Copyright (C) 2003-2008 Apple Inc.
OriginalFilename : mDNSResponder.exe

#:20 [ehrecvr.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 528
ThreadCreationTime : 5-27-2009 10:28:02 AM
BasePriority : ?
FileVersion : 5.1.2700.2180 (private/xpsp_mce.040810-0205)
ProductVersion : 5.1.2700.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Receiver Service
InternalName : ehRecvr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehRecvr.exe

#:21 [ehsched.exe]
FilePath : C:\WINDOWS\eHome\
ProcessID : 880
ThreadCreationTime : 5-27-2009 10:28:03 AM
BasePriority : Normal
FileVersion : 5.1.2700.2180 (private/xpsp_mce.040810-0205)
ProductVersion : 5.1.2700.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Media Center Scheduler Service
InternalName : ehSched
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ehSched.exe

#:22 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\
ProcessID : 1148
ThreadCreationTime : 5-27-2009 10:28:03 AM
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:23 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1408
ThreadCreationTime : 5-27-2009 10:28:04 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:24 [tangoservice.exe]
FilePath : C:\Program Files\Efficient Networks\Tango Manager\app\
ProcessID : 1700
ThreadCreationTime : 5-27-2009 10:28:04 AM
BasePriority : Normal


#:25 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1772
ThreadCreationTime : 5-27-2009 10:28:05 AM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: dnsrv(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:26 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2040
ThreadCreationTime : 5-27-2009 10:28:05 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:27 [dllhost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2584
ThreadCreationTime : 5-27-2009 10:28:16 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : COM Surrogate
InternalName : dllhost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : dllhost.exe

#:28 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2728
ThreadCreationTime : 5-27-2009 10:28:17 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:29 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2940
ThreadCreationTime : 5-27-2009 10:28:18 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:30 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 3288
ThreadCreationTime : 5-27-2009 10:28:40 AM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:31 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3296
ThreadCreationTime : 5-27-2009 10:28:41 AM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:32 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 3324
ThreadCreationTime : 5-27-2009 10:28:42 AM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright (c) 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:33 [ipoint.exe]
FilePath : C:\Program Files\Microsoft IntelliPoint\
ProcessID : 3340
ThreadCreationTime : 5-27-2009 10:28:42 AM
BasePriority : Normal


#:34 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3352
ThreadCreationTime : 5-27-2009 10:28:42 AM
BasePriority : Normal
FileVersion : 0.1.1.45
ProductVersion : 0.1.1.45
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2007
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:35 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 3360
ThreadCreationTime : 5-27-2009 10:28:43 AM
BasePriority : Normal
FileVersion : 7.0.483.000
ProductVersion : 7.0.483.000
ProductName : ZoneAlarm Client
CompanyName : Zone Labs, LLC
FileDescription : ZoneAlarm Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:36 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 3384
ThreadCreationTime : 5-27-2009 10:28:45 AM
BasePriority : Normal
FileVersion : 8.1.0.51
ProductVersion : 8.1.0.51
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2009 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:37 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3392
ThreadCreationTime : 5-27-2009 10:28:45 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:38 [stickypad.exe]
FilePath : C:\Program Files\StickyPad\
ProcessID : 3408
ThreadCreationTime : 5-27-2009 10:28:46 AM
BasePriority : Normal
FileVersion : 2.02.0048
ProductVersion : 2.02.0048
ProductName : StickyPad
CompanyName : Green Eclipse
FileDescription : StickyPad
InternalName : StickyPad
LegalCopyright : © 1999-2005 Green Eclipse
OriginalFilename : StickyPad.exe
Comments : www.greeneclipse.com

#:39 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3416
ThreadCreationTime : 5-27-2009 10:28:46 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:40 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 4064
ThreadCreationTime : 5-27-2009 10:29:06 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:41 [ipodservice.exe]
FilePath : C:\Program Files\iPod\bin\
ProcessID : 2652
ThreadCreationTime : 5-27-2009 10:29:22 AM
BasePriority : Normal
FileVersion : 8.1.0.51
ProductVersion : 8.1.0.51
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iPodService Module
InternalName : iPodService
LegalCopyright : © 2003-2009 Apple Inc. All Rights Reserved.
OriginalFilename : iPodService.exe

#:42 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 2144
ThreadCreationTime : 5-27-2009 11:14:30 AM
BasePriority : Normal


#:43 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 3944
ThreadCreationTime : 5-27-2009 11:14:31 AM
BasePriority : High


#:44 [wscntfy.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2516
ThreadCreationTime : 5-27-2009 11:14:51 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Security Center Notification App
InternalName : wscntfy.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : wscntfy.exe

#:45 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1232
ThreadCreationTime : 5-27-2009 11:14:52 AM
BasePriority : Normal
FileVersion : 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)
ProductVersion : 6.00.2900.3156
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:46 [tfswctrl.exe]
FilePath : C:\WINDOWS\system32\dla\
ProcessID : 3548
ThreadCreationTime : 5-27-2009 11:15:33 AM
BasePriority : Normal
FileVersion : 1.04.08a
CompanyName : Sonic Solutions
FileDescription : Drive Letter Access Component
LegalCopyright : Copyright © 2004 Sonic Solutions

#:47 [hkcmd.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1396
ThreadCreationTime : 5-27-2009 11:15:33 AM
BasePriority : Normal
FileVersion : 3.0.0.4410
ProductVersion : 7.0.0.4410
ProductName : Intel(R) Common User Interface
CompanyName : Intel Corporation
FileDescription : hkcmd Module
InternalName : HKCMD
LegalCopyright : Copyright 1999-2004, Intel Corporation
OriginalFilename : HKCMD.EXE

#:48 [dvdlauncher.exe]
FilePath : C:\Program Files\CyberLink\PowerDVD\
ProcessID : 656
ThreadCreationTime : 5-27-2009 11:15:34 AM
BasePriority : Normal
FileVersion : 3.00.0000
ProductVersion : 3.00.0000
ProductName : Cyberlink PowerCinema 3.0
CompanyName : CyberLink Corp.
FileDescription : CyberLink PowerCinema Resident Program
InternalName : CyberLink PowerCinema Resident Program
LegalCopyright : Copyright (c) 2003 CyberLink Corp.
OriginalFilename : DVDLauncher.EXE

#:49 [ipoint.exe]
FilePath : C:\Program Files\Microsoft IntelliPoint\
ProcessID : 192
ThreadCreationTime : 5-27-2009 11:15:35 AM
BasePriority : Normal


#:50 [realsched.exe]
FilePath : C:\Program Files\Common Files\Real\Update_OB\
ProcessID : 3568
ThreadCreationTime : 5-27-2009 11:15:36 AM
BasePriority : Normal
FileVersion : 0.1.1.45
ProductVersion : 0.1.1.45
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealNetworks Scheduler
InternalName : schedapp
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2007
LegalTrademarks : RealAudio(tm) is a trademark of RealNetworks, Inc.
OriginalFilename : realsched.exe

#:51 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 3564
ThreadCreationTime : 5-27-2009 11:15:36 AM
BasePriority : Normal
FileVersion : 7.0.483.000
ProductVersion : 7.0.483.000
ProductName : ZoneAlarm Client
CompanyName : Zone Labs, LLC
FileDescription : ZoneAlarm Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:52 [ituneshelper.exe]
FilePath : C:\Program Files\iTunes\
ProcessID : 2136
ThreadCreationTime : 5-27-2009 11:15:42 AM
BasePriority : Normal
FileVersion : 8.1.0.51
ProductVersion : 8.1.0.51
ProductName : iTunes
CompanyName : Apple Inc.
FileDescription : iTunesHelper Module
InternalName : iTunesHelper
LegalCopyright : © 2003-2009 Apple Inc. All Rights Reserved.
OriginalFilename : iTunesHelper.exe

#:53 [rundll32.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1736
ThreadCreationTime : 5-27-2009 11:15:44 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Run a DLL as an App
InternalName : rundll
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : RUNDLL.EXE

#:54 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 3656
ThreadCreationTime : 5-27-2009 11:15:48 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:55 [calendar.exe]
FilePath : C:\Program Files\Birthday Keeper\
ProcessID : 4004
ThreadCreationTime : 5-27-2009 11:16:07 AM
BasePriority : Normal


#:56 [avgcc.exe]
FilePath : C:\Program Files\Grisoft\AVG7\
ProcessID : 1348
ThreadCreationTime : 5-27-2009 11:18:57 AM
BasePriority : Normal
FileVersion : 7.5.0.545
ProductVersion : 7.5.0.545
ProductName : AVG Anti-Virus system
CompanyName : GRISOFT, s.r.o.
FileDescription : AVG Control Center
InternalName : AvgCC
LegalCopyright : Copyright © 2008 GRISOFT, s.r.o.
OriginalFilename : AvgCC.EXE

#:57 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Professional\
ProcessID : 1372
ThreadCreationTime : 5-27-2009 3:25:52 PM
BasePriority : Normal
FileVersion : 6.2.0.161
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved


MORE TO COME...



#5
May 28, 2009 at 04:13:01

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 47


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@ads.pointroll[1].txt
Category : Data Miner
Comment : Cookie:jenny donner@ads.pointroll.com/
Value : Cookie:jenny donner@ads.pointroll.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@live365[1].txt
Category : Data Miner
Comment : Cookie:jenny donner@live365.com/
Value : Cookie:jenny donner@live365.com/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@walmartstores.112.2o7[1].txt
Category : Data Miner
Comment : Cookie:jenny donner@walmartstores.112.2o7.net/
Value : Cookie:jenny donner@walmartstores.112.2o7.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@revsci[1].txt
Category : Data Miner
Comment : Cookie:jenny donner@revsci.net/
Value : Cookie:jenny donner@revsci.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@iacas.adbureau[1].txt
Category : Data Miner
Comment : Cookie:jenny donner@iacas.adbureau.net/
Value : Cookie:jenny donner@iacas.adbureau.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@2o7[2].txt
Category : Data Miner
Comment : Cookie:jenny donner@2o7.net/
Value : Cookie:jenny donner@2o7.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@msnportal.112.2o7[1].txt
Category : Data Miner
Comment : Cookie:jenny donner@msnportal.112.2o7.net/
Value : Cookie:jenny donner@msnportal.112.2o7.net/

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@tacoda[2].txt
Category : Data Miner
Comment : Cookie:jenny donner@tacoda.net/
Value : Cookie:jenny donner@tacoda.net/

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 55

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : jenny donner@live365[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Jenny Donner\Local Settings\Temp\Cookies\jenny donner@live365[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@247realmedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@247realmedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@2o7[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@2o7[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@about[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@about[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@ad.yieldmanager[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@ad.yieldmanager[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@adbrite[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@adbrite[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@adlegend[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@adlegend[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@adopt.euroclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@adopt.euroclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@adrevolver[3].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@adrevolver[3].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@ads.bridgetrack[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@ads.bridgetrack[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@adserver.adtechus[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@adserver.adtechus[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@adserver[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@adserver[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@advertising[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@advertising[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@apmebf[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@apmebf[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@atdmt[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@atdmt[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@aws.112.2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@aws.112.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@bluestreak[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@bluestreak[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@bs.serving-sys[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@bs.serving-sys[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@c7.zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@c7.zedo[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@casalemedia[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@casalemedia[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@doubleclick[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@eaeacom.112.2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@eaeacom.112.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@ehg-dig.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@ehg-dig.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@ehg-nestleusainc.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@ehg-nestleusainc.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@ehg-techtarget.hitbox[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@ehg-techtarget.hitbox[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@fastclick[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@fastclick[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@hitbox[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@hitbox[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@insightexpressai[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@insightexpressai[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@live365[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@live365[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@media.adrevolver[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@media.adrevolver[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@mediaplex[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@mediaplex[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@oneeconomy.122.2o7[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@oneeconomy.122.2o7[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@overture[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@overture[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@questionmarket[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@questionmarket[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@realarcade[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@realarcade[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@realguide.real[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@realguide.real[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@realmedia[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@realmedia[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@real[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@real[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@revenue[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@revenue[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@rotator.adjuggler[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@rotator.adjuggler[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@searchportal.information[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@searchportal.information[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@serving-sys[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@serving-sys[2].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@statse.webtrendslive[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@statse.webtrendslive[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@tacoda[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@tacoda[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@trafficmp[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@trafficmp[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@tribalfusion[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@tribalfusion[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@viacom.adbureau[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@viacom.adbureau[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@zedo[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@zedo[2].txt

Zango Object Recognized!
Type : File
Data : Setup.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\Documents and Settings\Kids\My Documents\garrett's folder\New Briefcase\
FileVersion : 53, 0, 7, 0
ProductVersion : 53, 0, 7, 0
ProductName : Setup
CompanyName : Zango, Inc.
FileDescription : Zango Installer
InternalName : Setup.exe
LegalCopyright : Copyright © 2006 - 2008. Zango, Inc. All rights reserved.
OriginalFilename : Setup.exe


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mark@ad.yieldmanager[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mark\Cookies\mark@ad.yieldmanager[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : mark@atdmt[2].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Mark\Cookies\mark@atdmt[2].txt

Win32.Trojan.Agent Object Recognized!
Type : File
Data : keymaker.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Explorer\

Win32.Backdoor.Small Object Recognized!
Type : File
Data : Uninstall.exe
Category : Malware
Comment :
Object : C:\Program Files\Sunshine Acres\

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 109


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
3 entries scanned.
New critical objects:0
Objects found so far: 109


Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Win32.Trojan.Agent Object Recognized!
Type : File
Data : SVCHOST.EXE
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe


Win32.Backdoor.Small Object Recognized!
Type : File
Data : Uninstall.lnk
Category : Malware
Comment : Shortcut to bad file : C:\Documents and Settings\Jenny Donner\Start Menu\Programs\Sunshine Acres\Uninstall.lnk
Object : C:\Documents and Settings\Jenny Donner\Start Menu\Programs\Sunshine Acres\

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 5
Objects found so far: 114

2:17:00 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:02:48:32.625
Objects scanned:482154
Objects identified:67
Objects ignored:0
New critical objects:67


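The Ad-Aware log above is dominated by tracking-cookie entries, with the file hits that matter (Zango installer, keymaker.exe, the two Uninstall.exe backdoors, SVCHOST.EXE in the conditional scan) scattered among them. As an added example for this thread (not code from the thread or from Lavasoft), the Python below parses the "Object Recognized!" blocks, separates "Data Miner" cookie entries from file detections, and flags a malware verdict on a file under the Windows directory that carries Microsoft version info, since that is either a replaced system binary or a false positive and should be compared against a known-good copy before anything is deleted. The sample log is a constructed abridgement of a few records from the posted log; the field names and layout are the real Ad-Aware SE format.

```python
import re
from collections import Counter

# Constructed sample in the layout of the Ad-Aware SE log posted above
# (a few records abridged from the thread, not the full log).
SAMPLE_LOG = r"""Tracking Cookie Object Recognized!
Type : IECache Entry
Data : kids@doubleclick[1].txt
Category : Data Miner
Comment :
Value : C:\Documents and Settings\Kids\Cookies\kids@doubleclick[1].txt

Zango Object Recognized!
Type : File
Data : Setup.exe
Category : Possible Browser Hijack attempt
Comment :
Object : C:\Documents and Settings\Kids\My Documents\New Briefcase\

Win32.Trojan.Agent Object Recognized!
Type : File
Data : keymaker.exe
Category : Malware
Comment :
Object : C:\Program Files\Internet Explorer\

Win32.Trojan.Agent Object Recognized!
Type : File
Data : SVCHOST.EXE
Category : Malware
Comment :
Object : C:\WINDOWS\system32\
CompanyName : Microsoft Corporation
"""

# "<family> Object Recognized!" opens a record; "<Key> : <value>" lines follow.
HEADER = re.compile(r"^(?P<family>.+?) Object Recognized!$")
FIELD = re.compile(r"^(?P<key>[A-Za-z]+) : ?(?P<value>.*)$")


def parse_adaware(text):
    """Return one dict per 'Object Recognized!' block; a blank line ends a block."""
    records, current = [], None
    for line in text.splitlines():
        if not line.strip():
            current = None
            continue
        m = HEADER.match(line)
        if m:
            current = {"family": m.group("family")}
            records.append(current)
            continue
        f = FIELD.match(line)
        if current is not None and f:
            current[f.group("key")] = f.group("value")
    return records


def full_path(rec):
    """Cookies are logged with a 'Value' path; files with an 'Object' directory plus 'Data' name."""
    if "Object" in rec:
        return rec["Object"] + rec.get("Data", "")
    return rec.get("Value", rec.get("Data", ""))


def triage(records):
    """Split cookie noise from file detections and mark hits that need verification."""
    cookies = [r for r in records if r.get("Category") == "Data Miner"]
    actionable = [r for r in records if r.get("Category") != "Data Miner"]
    # A malware verdict on a Windows-directory file with Microsoft version info is
    # either a tampered system binary or a false positive: verify the file against a
    # known-good copy (e.g. from install media) before deleting it.
    verify = [
        r for r in actionable
        if r.get("CompanyName") == "Microsoft Corporation"
        and r.get("Object", "").lower().startswith("c:\\windows\\")
    ]
    return {
        "total": len(records),
        "cookies": len(cookies),
        "by_category": dict(Counter(r.get("Category", "unknown") for r in records)),
        "actionable": [full_path(r) for r in actionable],
        "verify_against_known_good": [full_path(r) for r in verify],
    }


if __name__ == "__main__":
    summary = triage(parse_adaware(SAMPLE_LOG))
    for key, value in summary.items():
        print(f"{key}: {value}")
```

Run it against a full saved Ad-Aware log by reading the file into `parse_adaware` instead of `SAMPLE_LOG`; the "actionable" list is the short list a helper would actually review, and the cookie count is the part that can safely be ignored.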

#6
May 28, 2009 at 06:24:50

Follow these steps:

Download and run Kaspersky AVP tool:

http://devbuilds.kaspersky-labs.com...

Once you download and start the tool, select all the objects/places to be scanned and hit Scan. Fix what it detects and at the end of the scan post a screenshot/scan-summary log of the detected items that it fixed and those it could not fix.

--------------------------------------------
Donate



#7
May 28, 2009 at 12:40:01

OK, I am currently doing this but thought I'd post this so you can see the type of web-address it changes the links to...I was able to pull the real address out of the messed up link.

I was going to do a screenshot, but don't know how to post it here....this is the link I received:

"http://google-analistycs.com/r.php?u=81&b=-2146537337&q=http://devbuilds.kaspersky-labs.com...&s=other&url=http%3A//devbuilds.kaspersky-labs.com/devbuilds/AVPTool/"

I'll have that scan summary to you as soon as I can.

Jenny D



#8
May 28, 2009 at 12:45:58

Post the summary of the scan (detected files).

-------------------------------------------------



#9
May 28, 2009 at 13:15:49

Forgive me if I am missing something...I downloaded and ran the set-up and have a file folder on my desktop called "virus removal tool". Where do I need to go from here to start the scan?

Jenny D



#10
May 28, 2009 at 13:35:43

Open the folder and Run .exe. It will start AVP tool.

-------------------------------------------------



#11
May 28, 2009 at 15:28:24

OK...I have the following items when I open the folder:

is-S8C52 (folder)
install.tmp
Log.bat (MS-DOS Batch file)
Scan.bat (MS-DOS batch file)
script.bat (MS-DOS batch file)
start (shortcut)
unins000.dat (DAT file)
unins000.exe (Setup/uninstall)

When I click on start, nothing happens.

I did manage to get the trendmicro scan to go - I figure that's something at least, and that's what it is doing now...while I wait. Thanks for the continued help.

Jenny D




#12
May 28, 2009 at 15:44:58

Can you please post your AVZ log:
Note: Run AVZ in windows normal mode. If avz.exe doesn't start, then try to rename the file avz.exe to something else and try to run it again.

1) To create the logfile, download AVZ by clicking HERE. Please save this file to your desktop or "My Documents" folder.

2) Next, unpack the file to a new folder using the Compressed (zipped) folders wizard built into Windows XP/Vista, or a zip utility of your choice.

3) Once you have unpacked the contents of the zip archive, please launch the file AVZ.exe by double clicking on it or right clicking and selecting Open.
Note: If you are running Windows vista launch AVZ.exe by right clicking and selecting Run as Administrator

You should now see the main window of the AVZ utility. Please navigate to File->Custom Scripts. Copy the script below by using the keyboard shortcut CTRL+C or the corresponding option via right click.

begin
ExecuteStdScr(3);
RebootWindows(true);
end.

Paste the script into the execution window by using CTRL+V keyboard shortcut, or the "paste" option via the right click menu. Click on Run to run the script, the PC will reboot. After the reboot the LOG subfolder is created in the folder with AVZ, with a file called virusinfo_syscure.zip inside. Upload that file to rapidshare.com and paste the link here.

Image Tutorial

-------------------------------------------------



#13
May 28, 2009 at 15:45:31

hi
it could be malware or spyware
download malwarebytes (free edition)
and
superantispyware (free edition)
update them and run both (separately)
i have found them both to be good apps
good luck


#14
May 28, 2009 at 16:41:15

OK, I am about to do what you said there with AVZ...but just for reference purposes or whatever, I'll share what trendmicro found. They don't create a log...but I copied the information.

BKDR_SMALL.JTS (25 INFECTIONS)
TROJ_WIMAD.AT
TROJ_WIMAD.CG
TROJ_KILLAV.AF
BKDR_SMALL.KCH
TROJ_AGENT.AONT
TROJ_SEEKWEL.AO

ADW_FREEZESCR (2 infections)
FREELOADER_SPYWARESTORMER
ADWARE_180SOLUTIONS


OK, off to do the AVZ thing...will post what you asked for as soon as I can!

Jenny D



#15
May 28, 2009 at 16:52:13

Let me know if you run into any problems creating the log.

-------------------------------------------------



#16
May 28, 2009 at 17:29:31

OK...so I successfully downloaded and ran AVZ...and during the restart, I lost all the icons on my desktop and was left with just my wallpaper. It only does it on my name, other computer users are not affected. Through the task manager I was able to copy the file I needed to a shared folder so that I could use another user to upload the file to rapidshare...and here's the link:

http://rs780l3.rapidshare.com/cgi-b...

Going to have to head to work soon, so you MIGHT be done with me until tomorrow morning! LOL Thanks so much!

Jenny D



#17
May 28, 2009 at 17:34:09

That is the wrong link for rapidshare. Post the correct link.

-------------------------------------------------



#18
May 28, 2009 at 17:44:24

Oops...copied and pasted the wrong thing.....HERE you go!!

http://rapidshare.com/files/2383576...

Jenny D



#19
May 28, 2009 at 18:28:25

Follow these steps in order numbered and don't go to next unless you have successfully done previous step:

1) Run this script in AVZ like before. Your computer will reboot.

begin
SetAVZGuardStatus(True);
SearchRootkit(true, true);
 DeleteService('is-SK2DNdrv');
 StopService('is-SK2DNdrv');
 QuarantineFile('is-SK2DNdrv.sys','');
 QuarantineFile('C:\Documents and Settings\Jenny Donner\Start Menu\Programs\Startup\_uninst_is-SK2DN.exe.bat','');
 QuarantineFile('C:\Documents and Settings\Jenny Donner\Start Menu\Programs\Startup\ChkDisk.dll','');
 QuarantineFile('C:\DOCUME~1\NETWOR~1\protect.dll','');
 QuarantineFile('C:\WINDOWS\system32\autochk.dll','');
 QuarantineFile('C:\WINDOWS\system32\DRIVERS\05434815.sys','');
 DeleteFile('C:\WINDOWS\system32\DRIVERS\05434815.sys');
 DeleteFile('C:\WINDOWS\system32\autochk.dll');
 DeleteFile('C:\DOCUME~1\NETWOR~1\protect.dll');
 DeleteFile('C:\Documents and Settings\Jenny Donner\Start Menu\Programs\Startup\ChkDisk.dll');
 DeleteFile('C:\Documents and Settings\Jenny Donner\Start Menu\Programs\Startup\_uninst_is-SK2DN.exe.bat');
 DeleteFile('is-SK2DNdrv.sys');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
RebootWindows(true);
end.

2) After reboot. Attach a Combofix log, please review and follow these instructions carefully.

Download it here -> http://download.bleepingcomputer.co...

Before Saving it to Desktop, please rename it to something like 123.exe to stop malware from disabling it.

Now, please make sure no other programs are running, close all other windows and pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) until after the scanning and removal process has taken place.

Please double click on the file you downloaded. Follow the onscreen prompts to start the scan. Once the scanning process has started please DO NOT click on the Combofix window or attempt to use your computer as this can cause the scanning process to stall. It may take a while to complete scanning and this is normal.

You will be disconnected from the internet and your desktop icons/toolbars will disappear during scanning, do not worry, this is normal and it will be restored after scanning has completed.

Combofix will create a logfile and display it after your computer has rebooted. Usually located in c:\combofix.txt, please upload that file to rapidshare.com and paste the link here.

-------------------------------------------------



#20
May 28, 2009 at 18:40:03

"I lost all the icons on my desktop and was left with just my wallpaper. It only does it on my name, other computer users are not affected. Through the task manager I was able to copy the file I needed to a shared folder" -- Are the desktop icons back?? What do you mean by Task manager you were able to copy... windows task manager?? Is your other account admin account or normal user??

-------------------------------------------------



#21
May 29, 2009 at 08:03:30

OK, here's the link to the combofix log:

http://rapidshare.com/files/2385567...

Also interesting to note-after running combofix when the computer rebooted...the kaspersky virus removal tool came up!

Jenny D


To answer about the task manager thing...first of all...yes, the desktop icons are back. When they had previously disappeared I navigated to the file using windows task manager. The other account is an admin one, but still unable to access MY files, so I had to copy that log folder containing the .zip you needed to a shared folder so that I could access it to upload it to rapidshare--pretty much like driving the scenic route when the main road is shut down! LOL



#22
May 29, 2009 at 08:18:05

If the svchost file is the apparent virus, I'd recommend re-installing the operating system.

Hope this helps,

--

Wes



#23
May 29, 2009 at 08:18:43

Follow these steps in order numbered. Only move to the next step if you successfully completed the previous step.

1) Run this script in AVZ:

begin
CreateQurantineArchive('c:\quarantine.zip');
end.

2) A file called quarantine.zip should be created in C:\. Then please zip up C:\qoobox\quarantine and upload both it and C:\quarantine.zip to a filehost such as http://rapidshare.com/ Then, Private Message me the Download link to the uploaded file.

3) Lastly, uninstall Combofix by: pause Antivirus/Spyware programs (http://www.bleepingcomputer.com/forums/topic114351.html Programs to disable) > Start > run > type combofix /u > ok. Or Start > run > type 123 /u > ok.

-------------------------------------------------



#24
May 29, 2009 at 08:33:56

All 3 of these items are complete

Thank you!

Jenny D



#25
May 29, 2009 at 08:56:08

Uninstall AVP tool from Response Number 6. Let me know once you have.

-------------------------------------------------



#26
May 29, 2009 at 09:10:28

Thanks for the files. Please follow these steps in order numbered and post summary log after each step.

1) If you use Windows System restore, turn it off > reboot. How to turn it off/on: http://support.kaspersky.com/faq/?q... Run a full scan with: http://www.eset.eu/online-scanner

# Check the box next to YES, I accept the Terms of Use.
# Click Start
# When asked, allow the activex control to be installed.
# Click Start
# Check below options:

    * Remove found threats
    * Scan unwanted applications.

# Click Scan
# Wait for the scan to finish
# When it finishes it will create a log file here: C:\Program Files\EsetOnlineScanner\log.txt
# Attach this logfile to your next message.

Note: Turn system restore back on, if you wish; this is to remove malware from system volume information files.

2) Install, update and run full scan with Malwarebytes' Anti-Malware. Attach malwarebyte full scan log, but Please Don't fix anything yet, until the log is reviewed.

3) Run full scan with your Antivirus. Also at this step your original problem should have been solved. You still have malware problem?

4) House cleaning [Optional]. Scan with SuperAntispyware : http://www.superantispyware.com/dow... . Fix what it detects and post summary scan log.

-------------------------------------------------



#27
May 29, 2009 at 12:16:44

AVP uninstalled

About to proceed with the remaining instructions.

Jenny D



#28
May 29, 2009 at 14:16:05

1)ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
# OnlineScanner.ocx=1.0.0.5863
# api_version=3.0.2
# EOSSerial=3715ca510fe0d547b12560b3cee705c0
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=false
# utc_time=2009-05-29 09:07:13
# local_time=2009-05-29 05:07:13 (-0500, Eastern Daylight Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 2
# scanned=269670
# found=13
# cleaned=13
# scan_time=6309
C:\Documents and Settings\Jenny Donner\Desktop\avz4\Quarantine\2009-05-29\avz00002.dta Win32/Rootkit.Agent.NIZ trojan (cleaned by deleting - quarantined) E9545722B8BB5CD82EC31446EE32C60C
C:\Documents and Settings\Jenny Donner\Desktop\avz4\Quarantine\2009-05-29\avz00003.dta Win32/Rootkit.Agent.NIZ trojan (cleaned by deleting - quarantined) E9545722B8BB5CD82EC31446EE32C60C
C:\Documents and Settings\Jenny Donner\Desktop\avz4\Quarantine\2009-05-29\avz00004.dta Win32/Rootkit.Agent.NIZ trojan (cleaned by deleting - quarantined) E9545722B8BB5CD82EC31446EE32C60C
C:\Documents and Settings\Jenny Donner\My Documents\My Pando Packages\Nero 8 Ultra Edition 8.2.8.0 + Keymaker\Nero-8.2.8.0_eng_trial.exe Win32/Toolbar.AskSBar application (deleted - quarantined) F07E4F200E8B0DBD1E5A91F6B3805B00
C:\Documents and Settings\Jenny Donner\My Documents\My Pando Packages\Hidden Secrets The Nightmare.exe probably a variant of Win32/TrojanDownloader.Agent trojan (deleted - quarantined) 06EBD756B9A46BB466C6959B082A2526
C:\Documents and Settings\Mark\Local Settings\Application Data\Mozilla\Firefox\Profiles\rsn7ce5s.default\Cache\B7219B0Cd01 a variant of Win32/Kryptik.MD trojan (cleaned by deleting - quarantined) AB758F90C810D02B4D6A0EAB21BAEC41
C:\Program Files\Birthday Keeper\Birthday Keeper v7.0.2.124 Keymaker.exe probably a variant of Win32/Agent trojan (cleaned by deleting - quarantined) 7D1C695C9609E4DB64748453B50E11BC
C:\Program Files\Chocolatier 2 - Secret Ingredients\Uninstall.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 453E217D5EFC3E18EA310601136B89B1
C:\Program Files\Fashion Fits\Uninstall.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 453E217D5EFC3E18EA310601136B89B1
C:\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 42E47847FB89C2D819330CC3945A25FF
C:\Program Files\Super Granny 4\Uninstall.exe probably a variant of Win32/Spy.Agent trojan (cleaned by deleting - quarantined) 453E217D5EFC3E18EA310601136B89B1
C:\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL Win32/Toolbar.MyWebSearch application (cleaned by deleting - quarantined) 42E47847FB89C2D819330CC3945A25FF
C:\Program Files\Zylom Games\Delicious Deluxe\delicious.dll probably a variant of Win32/Statik application (cleaned by deleting - quarantined) 05A80431EBA4258CEA614F43ADF984B6


#29
May 30, 2009 at 04:46:49

2)Malwarebytes' Anti-Malware 1.37
Database version: 2193
Windows 5.1.2600 Service Pack 2

5/30/2009 7:45:20 AM
mbam-log-2009-05-30 (07-45-08).txt

Scan type: Full Scan (C:\|)
Objects scanned: 332848
Time elapsed: 1 hour(s), 23 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a6573479-9075-4a65-98a6-19fd29cf7374} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
c:\program files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.

Files Infected:
(No malicious items detected)



#30
May 30, 2009 at 05:55:51

Fix what it detects and you're malware free.

-------------------------------------------------



#31
May 30, 2009 at 15:41:37

3) Nothing detected during the scan...seems to be all clear! Thanks SO much for your help on this issue, I really appreciate it!!

Also, I was wondering where the appropriate place would be to post for assistance with this next thing: my computer is running pretty slow. I am sure the registry is probably pretty full of useless crap. Where would I post for assistance in cleaning this out?

Thanks again--you've been great!!

Jenny D



#32
May 30, 2009 at 16:24:39

Run: http://onecare.live.com/site/en-Us/... and http://onecare.live.com/site/en-Us/...

-------------------------------------------------



#33
May 30, 2009 at 19:25:57

4) SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/30/2009 at 09:24 PM

Application Version : 4.26.1004

Core Rules Database Version : 3917
Trace Rules Database Version: 1861

Scan type : Complete Scan
Total Scan Time : 02:14:22

Memory items scanned : 492
Memory threats detected : 0
Registry items scanned : 6313
Registry threats detected : 0
File items scanned : 44792
File threats detected : 97

Adware.Tracking Cookie
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@www.burstbeacon[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@a1.interclick[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@collective-media[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@pagead[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@serving-sys[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@questionmarket[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@clicksense[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@lesbianlife1239285600[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@socialmedia[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@kontera[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@track.capitalistb---tards[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@revsci[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@trafficmp[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@yadro[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@iacas.adbureau[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@xiti[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@adserver.adtechus[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@tribalfusion[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@media6degrees[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@www.socialtrack[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@kaspersky.122.2o7[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@paganwiccan1239105600[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@avgtechnologies.112.2o7[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@smartadserver[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@interclick[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@bs.serving-sys[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@chitika[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@208.122.40[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@tacoda[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@ads.infinisource[1].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@at.atwola[2].txt
C:\Documents and Settings\Jenny Donner\Cookies\jenny donner@pagead[2].txt
.a.websponsors.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.a.websponsors.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.a.websponsors.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.advertstream.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.advertstream.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.advertstream.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.advertstream.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.advertstream.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.atwola.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.insightexpressai.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.precisionclick.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.usenext.de [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.usenext.de [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
.xiti.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
stats.manticoretechnology.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
www2.addfreestats.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
www5.addfreestats.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
www6.addfreestats.com [ C:\Documents and Settings\Jenny Donner\Application Data\Mozilla\Firefox\Profiles\grwzi24p.Jenny1\cookies.txt ]
C:\Documents and Settings\Kids\Cookies\kids@a1.interclick[1].txt
C:\Documents and Settings\Kids\Cookies\kids@AdDisplayTrackerServlet[1].txt
C:\Documents and Settings\Kids\Cookies\kids@adopt.specificclick[2].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.cartoonnetwork[1].txt
C:\Documents and Settings\Kids\Cookies\kids@ads.pointroll[1].txt
C:\Documents and Settings\Kids\Cookies\kids@apmebf[1].txt
C:\Documents and Settings\Kids\Cookies\kids@at.atwola[2].txt
C:\Documents and Settings\Kids\Cookies\kids@cdn4.specificclick[2].txt
C:\Documents and Settings\Kids\Cookies\kids@clicksense[1].txt
C:\Documents and Settings\Kids\Cookies\kids@collective-media[1].txt
C:\Documents and Settings\Kids\Cookies\kids@dynamic.media.adrevolver[1].txt
C:\Documents and Settings\Kids\Cookies\kids@eyewonder[1].txt
C:\Documents and Settings\Kids\Cookies\kids@interclick[1].txt
C:\Documents and Settings\Kids\Cookies\kids@media.mtvnservices[2].txt
C:\Documents and Settings\Kids\Cookies\kids@media.photobucket[1].txt
C:\Documents and Settings\Kids\Cookies\kids@media6degrees[1].txt
C:\Documents and Settings\Kids\Cookies\kids@network.realmedia[1].txt
C:\Documents and Settings\Kids\Cookies\kids@nextag[2].txt
C:\Documents and Settings\Kids\Cookies\kids@oasn04.247realmedia[1].txt
C:\Documents and Settings\Kids\Cookies\kids@optimost[2].txt
C:\Documents and Settings\Kids\Cookies\kids@qnsr[1].txt
C:\Documents and Settings\Kids\Cookies\kids@smileycentral[2].txt
C:\Documents and Settings\Kids\Cookies\kids@specificclick[1].txt
C:\Documents and Settings\Kids\Cookies\kids@specificmedia[1].txt
C:\Documents and Settings\Kids\Cookies\kids@stats.manticoretechnology[2].txt
C:\Documents and Settings\Kids\Cookies\kids@viacom.adbureau[1].txt
C:\Documents and Settings\Kids\Cookies\kids@windowsmedia[1].txt
C:\Documents and Settings\Kids\Cookies\kids@www.burstbeacon[2].txt
C:\Documents and Settings\Kids\Cookies\kids@xiti[1].txt
C:\Documents and Settings\Mark\Cookies\mark@media6degrees[2].txt
C:\Documents and Settings\Mark\Cookies\mark@xiti[1].txt

and thanks for the links!!

Jenny D



#34
May 30, 2009 at 19:30:17

No problem let me know if Response Number 32 works or doesn't work for you.

-------------------------------------------------


